CVE-2020-8339 – A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM Blade …

15 September 2020

Vuln ID: CVE-2020-8339

Published: 2020-09-15 15:15:14Z

Description: A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Advanced Management Module (AMM) web interface prior to version 3.68n [BPET68N]. This vulnerability could allow an authenticated user’s AMM credentials to be disclosed if the user is convinced to visit a malicious web site, possibly through phishing. Successful exploitation requires specific knowledge about the userâ€™s network to be included in the malicious web site. Impact is limited to the normal access restrictions of the user visiting the malicious web site, and subject to the user being logged into AMM, being able to connect to both AMM and the malicious web site while the web browser is open, and using a web browser that does not inherently protect against this class of attack. The JavaScript code is not executed on AMM itself.

Source: NVD.NIST.GOV

Date:

15 September 2020

Categorie(s):

NVD

Tag(s):

NVD

Trustifi’s Email Security Awareness Training – Empowering MSPs to Train & Protect Clients16 April 2024
Security, automation and developer experience: The top DevOps trends of 202416 April 2024
Alleged cryptojacker accused of stealing $3.5M from cloud to mine under $1M in crypto16 April 2024
US Senate to Vote on a Wiretap Bill That Critics Call ‘Stasi-Like’16 April 2024
PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497)16 April 2024